{"vulnerability": "cve-2025-2109", "sightings": [{"uuid": "8d6dafc8-e37a-4c53-be1c-f6b8a6b4d4ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21091", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113952551509166497", "content": "", "creation_timestamp": "2025-02-05T17:52:27.146684Z"}, {"uuid": "880cfef0-7ca2-4561-90df-62b4ebff6ba7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21091", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhh6kbyutm2w", "content": "", "creation_timestamp": "2025-02-05T18:16:40.922138Z"}, {"uuid": "4b213a33-c1d1-4c77-8283-39be4dff9488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2109", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll7jn7s2al24", "content": "", "creation_timestamp": "2025-03-25T14:54:39.158114Z"}, {"uuid": "598f56f4-e333-4264-a311-15715ba1e7dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21095", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ljts227odc2i", "content": "", "creation_timestamp": "2025-03-08T05:27:52.928182Z"}, {"uuid": "990bd261-7b48-4436-a6c1-409520dffe22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21092", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6468", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21092\n\ud83d\udd25 CVSS Score: 7.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others.\n\ud83d\udccf Published: 2025-03-04T23:49:12.458Z\n\ud83d\udccf Modified: 2025-03-04T23:49:12.458Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07", "creation_timestamp": "2025-03-05T00:33:49.000000Z"}, {"uuid": "39afbf29-ddf1-43c7-a5b0-59c643134ff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21092", "type": "seen", "source": "https://t.me/cvedetector/19561", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21092 - GMOD Apollo Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21092 \nPublished : March 5, 2025, 12:15 a.m. | 35\u00a0minutes ago \nDescription : GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T01:53:12.000000Z"}, {"uuid": "b3f03f36-bc62-48eb-8715-bddd59566ebd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21097", "type": "seen", "source": "https://t.me/cvedetector/19463", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21097 - OpenHarmony NULL Pointer Dereference DOS\", \n  \"Content\": \"CVE ID : CVE-2025-21097 \nPublished : March 4, 2025, 4:15 a.m. | 22\u00a0minutes ago \nDescription : in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference. \nSeverity: 3.3 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-04T05:48:13.000000Z"}, {"uuid": "02c0b166-b20b-44ab-a9c5-6a63b2971647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21097", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6332", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21097\n\ud83d\udd25 CVSS Score: 3.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.\n\ud83d\udccf Published: 2025-03-04T03:44:36.476Z\n\ud83d\udccf Modified: 2025-03-04T03:44:36.476Z\n\ud83d\udd17 References:\n1. https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md", "creation_timestamp": "2025-03-04T04:34:39.000000Z"}, {"uuid": "a0c784d7-aa9c-4e7b-97ab-ab3e12cf3aa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21098", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6331", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21098\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through\u00a0out-of-bounds read bypass permission check.\n\ud83d\udccf Published: 2025-03-04T03:44:37.554Z\n\ud83d\udccf Modified: 2025-03-04T03:44:37.554Z\n\ud83d\udd17 References:\n1. https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md", "creation_timestamp": "2025-03-04T04:34:38.000000Z"}, {"uuid": "33ed029c-d133-4231-8ef5-0328f4f68ccc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21095", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02", "content": "", "creation_timestamp": "2025-03-04T11:00:00.000000Z"}, {"uuid": "74bb5541-2d50-4d39-abc6-e5e2e66f2120", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21092", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07", "content": "", "creation_timestamp": "2025-03-04T11:00:00.000000Z"}, {"uuid": "230966fe-7d28-4b7c-bdf2-0dcd237ace0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21098", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:46.000000Z"}, {"uuid": "27369eec-a73e-4811-a65a-5800b961104f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21091", "type": "seen", "source": "https://t.me/cvedetector/17333", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21091 - F5 BIG-IP SNMP Request Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2025-21091 \nPublished : Feb. 5, 2025, 6:15 p.m. | 1\u00a0hour, 56\u00a0minutes ago \nDescription : When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization.  \n  \n   \n  \n  \nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T21:40:08.000000Z"}, {"uuid": "d013b276-e6d9-45a7-a1ea-7f5ab4d73e4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21095", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6545", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21095\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Path traversal may lead to arbitrary file download. The score without \nleast privilege principle violation is as calculated below. In \ncombination with other issues it may facilitate further compromise of \nthe device. Remediation in Version 6.8.0, release date: 01-Mar-25.\n\ud83d\udccf Published: 2025-03-05T15:19:16.713Z\n\ud83d\udccf Modified: 2025-03-05T15:19:16.713Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02\n2. https://www.keysight.com/us/en/contact.html\n3. https://support.ixiacom.com/\n4. https://support.ixiacom.com/support-overview/product-support/downloads-updates", "creation_timestamp": "2025-03-05T15:32:49.000000Z"}, {"uuid": "74b79af9-6f23-43c7-9321-b4cedb6e8254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2109", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8643", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2109\n\ud83d\udd25 CVSS Score: 5.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: The WP Compress \u2013 Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services.\n\ud83d\udccf Published: 2025-03-25T11:12:08.647Z\n\ud83d\udccf Modified: 2025-03-25T11:12:08.647Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/10b9d703-de9d-472a-bdfb-bc9a41bf375e?source=cve\n2. https://plugins.trac.wordpress.org/browser/wp-compress-image-optimizer/tags/6.30.15/wp-compress-core.php#L994\n3. https://wordpress.org/plugins/wp-compress-image-optimizer/#developers\n4. https://plugins.trac.wordpress.org/changeset/3254259/", "creation_timestamp": "2025-03-25T11:24:37.000000Z"}, {"uuid": "d60362b6-4513-4e42-9815-62bd97ea328e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21095", "type": "seen", "source": "https://t.me/cvedetector/19644", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21095 - Apache HTTP Server Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21095 \nPublished : March 5, 2025, 4:15 p.m. | 1\u00a0hour, 3\u00a0minutes ago \nDescription : Path traversal may lead to arbitrary file download. The score without   \nleast privilege principle violation is as calculated below. In   \ncombination with other issues it may facilitate further compromise of   \nthe device. Remediation in Version 6.8.0, release date: 01-Mar-25. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T18:37:06.000000Z"}, {"uuid": "fb22c209-5428-4c7a-b9e5-69fa3eea470c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2109", "type": "seen", "source": "https://t.me/cvedetector/21083", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2109 - WordPress WP Compress SSRF\", \n  \"Content\": \"CVE ID : CVE-2025-2109 \nPublished : March 25, 2025, 11:15 a.m. | 40\u00a0minutes ago \nDescription : The WP Compress \u2013 Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T13:38:25.000000Z"}, {"uuid": "b387a566-19ff-4f75-b517-5b40fe3d740f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21099", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16378", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21099\n\ud83d\udd25 CVSS Score: 5.4 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.\n\ud83d\udccf Published: 2025-05-13T21:02:33.556Z\n\ud83d\udccf Modified: 2025-05-14T19:13:17.804Z\n\ud83d\udd17 References:\n1. https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01259.html", "creation_timestamp": "2025-05-14T19:33:01.000000Z"}, {"uuid": "07379c87-f1a8-4ef1-9f63-284958417158", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21094", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16376", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21094\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local access.\n\ud83d\udccf Published: 2025-05-13T21:02:32.095Z\n\ud83d\udccf Modified: 2025-05-14T19:20:11.242Z\n\ud83d\udd17 References:\n1. https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html", "creation_timestamp": "2025-05-14T19:32:57.000000Z"}, {"uuid": "de9be6df-1b02-483f-968e-09fda3005ce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21092", "type": "seen", "source": "Telegram/AUbVP_TQLHae8rk5DRAr8SGPy7wsFkyTjHOyjhb2fiXH4_I", "content": "", "creation_timestamp": "2025-03-05T02:02:04.000000Z"}, {"uuid": "8a3b0a69-8d4b-4fe1-8524-a3bf049c4868", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21091", "type": "seen", "source": "Telegram/N741Cxbt1aX2esojNnkwExhb_EUx6H-2g9C1l-Jxb7Ylkqg", "content": "", "creation_timestamp": "2025-02-07T10:53:04.000000Z"}]}